Endpoint Security: The Right Balance Between Positive and Negative Approaches

Endpoint security represents the frontline in your fight against cybercriminals. Despite the relative maturity of the endpoint security market, new threats and evolving attacker capabilities have proven traditional approaches inadequate - and left organizations exposed.

Guest speaker Forrester Senior Analyst Chris Sherman and Nyotron's Senior Director of Product Management Rene Kolga will discuss the current state of endpoint security while highlighting a path forward for organizations looking to re-focus their strategies to combat current threats.

Most security solution buyers assume they’re protected against known malware. Numbers like 99.9% are common in vendors’ marketing materials. Hence, efficacy conversations tend to focus instead on the solution’s performance against the unknown, zero-day threats. However, with between half a million and one million new pieces of commodity malware created every day, how are antivirus solutions keeping up? Where is this database of signatures, hashes, reputation and behavior stored for over a billion of known pieces of malware? Is the 99.9% number an illusion or reality?

In this webinar we will leverage a study of three leading antivirus products against 60,000 pieces of known new and old malware. The results will surprise you...

Does the ILOVEYOU virus from the year 2000 still pose a threat? You’ll have to join this webinar to find out.

What will 2019 bring for the security landscape? How many Marriott-like breaches should you expect? What new types of attacks are you likely to see, and what can you do now to prepare for them? Nyotron’s team of security experts will have the answers for you during our December 19th live webinar.

Making informed predictions first requires thinking back on 2018 with a critical eye. We will review a few of the most significant vulnerabilities and data breaches that made national headlines, from the City of Atlanta to Meltdown and Spectre, to the Marriott debacle and why the healthcare industry appears unable to defend itself. Our panel will also discuss the issues and trends they expect will dominate 2019, including adversarial artificial intelligence (AI) and destructive attacks on ICS.

We will wrap up with ideas on how you can make an effective case for additional security budget and how to educate yourself about the changing threat landscape (and to get those CPE’s before the year’s end).

As the security perimeter has moved to the endpoint, protecting these devices has become a real challenge. A recent study conducted by Cybersecurity Insiders and Nyotron finds only 50% of organizations are confident they can stop over 75% of attacks, and 21% estimate they can thwart less than half. Over three quarters of the cybersecurity professionals we polled believe the importance of endpoint security is increasing, so how can they convince their stakeholders to budget for appropriate endpoint defenses in 2019? This live webinar will answer that question.

In this live data-driven webinar, cybersecurity experts Rene Kolga from Nyotron and Holger Schulze from Cybersecurity Insiders will explore:
-Why only half of organizations have confidence in their current endpoint security posture
-What organizations are doing to boost endpoint security
-What you can do in 2019 to better mitigate the risks

The "enumeration of badness" approach to security has failed for two major reasons. First, the amount of "badness" is practically infinite. Second, it's unrealistic to detect all future "badness" based on the past. Yet, the majority of products are still based on this method. The Spectre and Meltdown vulnerabilities reveal the unpredictability of future "badness".

However, "goodness" is actually finite. So, is it possible to create a map of all legitimate OS behavior? The answer is yes, and I have designed a new language called Behavior Pattern Mapping (BPM) that accomplishes this.

As I demonstrated during my Black Hat 2018 presentation, BPM can be implemented as deterministic finite automata (DFA). If you missed my presentation, join me for this webinar and see BPM's threat-agnostic defense in action. Maybe security is easy after all?

About the speaker: Nir Gaist, Founder and CTO of Nyotron, is a recognized information security expert and ethical hacker. He started programming at age 6 and began his studies at the Israeli Technion University at age 10. Nir has worked with some of the largest Israeli organizations, such as the Israeli Police, the Israeli parliament and Microsoft’s Israeli headquarters. He also wrote cybersecurity curriculum for the Israel Ministry of Education. Nir holds patents for the creation of a programming language called Behavior Pattern Mapping (BPM) that enables monitoring of the integrity of the operating system behavior to deliver threat-agnostic protection.

Earlier this year Department of Homeland Security’s US-CERT issued Technical Alert TA18-074A called ‘Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors’. This alert provided information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contained indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) Russian government cyber actors use to compromise their victims’ networks.

In this webinar we will go over those TTPs and put them to use. Specifically, we will demonstrate how easy it is to leverage a Server Message Block (SMB) protocol authentication session to obtain a user’s credential hash and then crack it in real time, revealing the actual password. We will show multiple ways of using this approach and attempt to reproduce Russia’s success in our environment. No product pitches, just good old live hacking!

About the speakers:
Guy Meoded is a Senior Security Researcher at Nyotron. Prior to Nyotron, Guy was a Trojan Analyst at RSA.

Rene Kolga, CISSP, is a Sr. Director of Product and Marketing at Nyotron. Rene has over 20 years of industry experience, including expertise in endpoint protection, insider threat, encryption and vulnerability management. Rene ran Product teams at multiple Silicon Valley startups as well as Fortune 500 companies, including Symantec, Citrix, Altiris and ThinAir. Earlier in his career, Rene managed Customer Success and QA teams. Rene earned his Computer Science degree from Tallinn University of Technology. He also received an MBA from the University of Utah.

Security professionals accept the paradigm of “more protection equals more false positives (FPs)” as a fact of life. The tighter they make the “screws” of the security policies in their DLP, Web or Email Gateways, UEBA, application control/whitelisting and AV tools, the higher the likelihood something benign is misclassified as malicious. That’s why it is not uncommon to see false positive rates exceed 5% using the most aggressive settings.

What if we were thinking about this wrong? Can we break this correlation between more security and more FPs?

During this webinar we will briefly review the definition of false positives, false negatives, true positives and true negatives, as well as the history of “more protection = more FPs” paradigm. Then we will turn the paradigm on its head and discuss how more protection can actually mean fewer FPs.

About the Speaker
Nir Gaist, Founder and CTO of Nyotron, is a recognized information security expert and ethical hacker. He started programming at age 6 and began his studies at the Israeli Technion University at age 10. Nir has worked with some of the largest Israeli organizations, such as the Israeli Police, the Israeli parliament and Microsoft’s Israeli headquarters. He also wrote cybersecurity curriculum for the Israel Ministry of Education. Nir holds patents for the creation of a programming language called Behavior Pattern Mapping (BPM) that enables monitoring of the integrity of the operating system behavior to deliver threat-agnostic protection.

With the release of Windows 10 Fall Creators Update, Microsoft added a new feature called Controlled Folder Access (CFA) to Windows Defender Exploit Guard. This feature allows users and organizations to control which processes can access certain folders, in an attempt to help protect data from malicious programs such as ransomware or wipers.

But, will CFA really keep your data safe? Vera Drobov of Nyotron’s Security Research Team and Rene Kolga, Senior Director of Product Management at Nyotron will discuss why this isn’t likely due to vulnerabilities in the CFA feature. Our team has discovered at least five different ways of exploiting and bypassing CFA, including:

Rene Kolga, Senior Director of Product Management at Nyotron and Robert Zamani, Director of Solutions Architect at Nyotron

Nyotron’s research team began tracking new active OilRig attacks on a number of organizations across the Middle East in November 2017. Our security team has discovered that the Iran-linked OilRig group has significantly evolved its tactics, techniques and procedures (TTPs), introduced next-generation malware tools and new data exfiltration methods since previous attacks.

Among key advancements, the new variant of OilRig introduces a variety of new command and control (C&C) and data exfiltration capabilities using Google Drive, SmartFile, a file sharing and transfer solution, and an ISAPI filter to extend the functionality of Microsoft Internet Information Services (IIS) servers.

During this webinar, Nyotron will provide technical details of the attacks along with the TTPs used and the timelines to help security professionals deal with this threat actor in the future.

Machine Learning (ML) has become the shiny new object for security and is the foundational pillar of products such as Next-Generation Antivirus (NGAV) and User and Entity Behavior Analytics (UEBA). While most of these products have promised to be a “silver bullet” against malware, complete protection remains elusive. In fact, ML is more likely to detect and cure cancer than to stop all of today’s advanced threats for a number of reasons:

• The past doesn’t predict the future
• Nothing will keep the bad guys out
• The harder you try the more you fail
• You can’t always be connected
• It’s a black box

Shahid N. Shah, an internationally recognized cybersecurity and risk management expert, and Rene Kolga, Senior Director of Product Management at Nyotron, will explain these shortcomings and how to avoid them. Instead of chasing after an infinite number of malware variants and attack vectors, a different approach to malware detection is to focus on the finite intentions behind attacks, such as data exfiltration, corruption and deletion.

This presentation will include a dynamic discussion between Lenny Liebmann, founding partner at Morgan Armstrong and Nir Gaist, founder and CTO at Nyotron on why the Negative Security model that tries to track down everything “bad” will eventually miss some elusive new threat.

Although a multi-layered security strategy that includes a Positive Security model provides better and more continuous protection for endpoints, this model has historically been difficult since it involves complex and time consuming whitelist maintenance. Lenny and Nir will describe a new OS-Centric Positive Security model that is a game changing innovation for simpler and more effective endpoint security.

Nyotron offers the last line of defense to help win the war on malware. Based on the industry’s first OS-Centric Positive Security model that only allows legitimate operating system behavior, Nyotron prevents data exfiltration, corruption and other damage. Nyotron seamlessly complements existing endpoint security products with a future-proof solution, providing protection from any attack vector without foreknowledge of an exploit. The company’s headquarters is in Santa Clara, California, and R&D is in Israel. To learn more, visit www.nyotron.com.